CVE-2024-41285

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fastcom:fw300r_firmware:1.3.13_build_141023_rel.61347n:*:*:*:*:*:*:*
cpe:2.3:h:fastcom:fw300r:-:*:*:*:*:*:*:*

History

27 Aug 2024, 16:03

Type Values Removed Values Added
CPE cpe:2.3:h:fastcom:fw300r:-:*:*:*:*:*:*:*
cpe:2.3:o:fastcom:fw300r_firmware:1.3.13_build_141023_rel.61347n:*:*:*:*:*:*:*
CWE CWE-787
First Time Fastcom
Fastcom fw300r Firmware
Fastcom fw300r
Summary
  • (es) Un desbordamiento de pila en FAST FW300R v1.3.13 Build 141023 Rel.61347n permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) a través de una ruta de archivo manipulada.
References () https://gist.github.com/Giles-one/834b2becd7abebc3cabea0484301d149 - () https://gist.github.com/Giles-one/834b2becd7abebc3cabea0484301d149 - Third Party Advisory
References () https://github.com/Giles-one/FW300RouterCrack/ - () https://github.com/Giles-one/FW300RouterCrack/ - Exploit
References () https://www.fastcom.com.cn/product-8.html - () https://www.fastcom.com.cn/product-8.html - Product

26 Aug 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-120

26 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 16:15

Updated : 2024-08-27 16:03


NVD link : CVE-2024-41285

Mitre link : CVE-2024-41285

CVE.ORG link : CVE-2024-41285


JSON object : View

Products Affected

fastcom

  • fw300r
  • fw300r_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')